[36995] in Kerberos
Migrating Krb5 realm
daemon@ATHENA.MIT.EDU (Andreas Ladanyi)
Thu May 21 09:40:22 2015
Message-ID: <555DE032.2090102@kit.edu>
Date: Thu, 21 May 2015 15:40:02 +0200
From: Andreas Ladanyi <andreas.ladanyi@kit.edu>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============1361949121=="
Errors-To: kerberos-bounces@mit.edu
This is a cryptographically signed message in MIME format.
--===============1361949121==
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary="------------ms010708050400030103060400"
This is a cryptographically signed message in MIME format.
--------------ms010708050400030103060400
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hi,
i want to migrate my old Krb5 Realm. I have a Krb5 own DB and want to
use LDAP to hold the principals in the future. Also i want to change the
realm name.
I read a lot about dumping the Krb5 DB with kdb5_util and restore them.
I also read something about replacing the master key or to reencrypt the
Krb5 DB with a new master key when dumping the DB with kdb5_util.
I dont read something about changing the realm name in the dumping
process. So iam asking myself the question if it is possible to dump,
reencrypt and change the realm name without changing the principals
password hashes ?
cheers,
Andreas
--------------ms010708050400030103060400
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIP+jCC
BNUwggO9oAMCAQICCFBOxvU9EbRkMA0GCSqGSIb3DQEBCwUAMHExCzAJBgNVBAYTAkRFMRww
GgYDVQQKExNEZXV0c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVTZWMgVHJ1c3Qg
Q2VudGVyMSMwIQYDVQQDExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjAeFw0xNDA3MjIx
MjA4MjZaFw0xOTA3MDkyMzU5MDBaMFoxCzAJBgNVBAYTAkRFMRMwEQYDVQQKEwpERk4tVmVy
ZWluMRAwDgYDVQQLEwdERk4tUEtJMSQwIgYDVQQDExtERk4tVmVyZWluIFBDQSBHbG9iYWwg
LSBHMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpm8NnhfkNrvWNVMOWUDU9
YuluTO2U1wBblSJ01CDrNI/W7MAxBAuZgeKmFNJSoCgjhIt0iQReW+DieMF4yxbLKDU5ey2Q
RdDtoAB6fL9KDhsAw4bpXCsxEXsM84IkQ4wcOItqaACa7txPeKvSxhObdq3u3ibo7wGvdA/B
CaL2a869080UME/15eOkyGKbghoDJzANAmVgTe3RCSMqljVYJ9N2xnG2kB3E7f81hn1vM7Pb
D8URwoqDoZRdQWvY0hD1TP3KUazZve+Sg7va64sWVlZDz+HVEz2mHycwzUlU28kTNJpxdcVs
6qcLmPkhnSevPqM5OUhqjK3JmfvDEvK9AgMBAAGjggGGMIIBgjAOBgNVHQ8BAf8EBAMCAQYw
HQYDVR0OBBYEFEm3xs/oPR9/6kR7Eyn38QpwPt5kMB8GA1UdIwQYMBaAFDHDeRu69VPXF+CJ
ei0XbAqzK50zMBIGA1UdEwEB/wQIMAYBAf8CAQIwYgYDVR0gBFswWTARBg8rBgEEAYGtIYIs
AQEEAgIwEQYPKwYBBAGBrSGCLAEBBAMAMBEGDysGAQQBga0hgiwBAQQDATAPBg0rBgEEAYGt
IYIsAQEEMA0GCysGAQQBga0hgiweMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9wa2kwMzM2
LnRlbGVzZWMuZGUvcmwvRFRfUk9PVF9DQV8yLmNybDB4BggrBgEFBQcBAQRsMGowLAYIKwYB
BQUHMAGGIGh0dHA6Ly9vY3NwMDMzNi50ZWxlc2VjLmRlL29jc3ByMDoGCCsGAQUFBzAChi5o
dHRwOi8vcGtpMDMzNi50ZWxlc2VjLmRlL2NydC9EVF9ST09UX0NBXzIuY2VyMA0GCSqGSIb3
DQEBCwUAA4IBAQBjICj9nCGGcr45Rlk5MiW8qQGbDczKfUGchm0KbiyzE1l1sTOSG2EnFv/D
stU1gvuEKgFJvWa7Zi+ywgZdbj9u4wFaW8pDY1yVtuExpx/VB19N5mWCTjL5w3x6S81NXHTu
IfJ1AuxSPtLJatOQI25JZzW+f01WpOzML8+3oZeocj7JvEDWWqQIPda8gsO3tzKOsSyOam23
NQIZz/U5RFhjpyQAELC7/E6vbi84u6VXST/YblBvLJeW3B1GmmWJz67M8uXZn1OzPqEvkqnY
C8aEHwTG6x7on321e6UC8STFJGMRNMxakyAqeYg6JUKQqWU7fIbTEhUjKfws2sw5W1QXMIIF
hTCCBG2gAwIBAgIHGG3Jfo2QSjANBgkqhkiG9w0BAQsFADCBvzELMAkGA1UEBhMCREUxGzAZ
BgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBxMJS2FybHNydWhlMSowKAYDVQQK
EyFLYXJsc3J1aGUgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJzAlBgNVBAsTHlN0ZWluYnVj
aCBDZW50cmUgZm9yIENvbXB1dGluZzEPMA0GA1UEAxMGS0lULUNBMRkwFwYJKoZIhvcNAQkB
FgpjYUBraXQuZWR1MB4XDTE0MTAyNzEzNDMxMFoXDTE3MTAyNjEzNDMxMFowUzELMAkGA1UE
BhMCREUxKjAoBgNVBAoTIUthcmxzcnVoZSBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEYMBYG
A1UEAxMPQW5kcmVhcyBMYWRhbnlpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
tL0UuEE0MQWYP5MZOt+SBBDmGHZDf99xUzsFwyxvBaoS3TBZC/hul8ylNsOTrOvNbdJFOPTB
izqfYQGf+JIxAgPomyG4jomQvMXhKXcf/obhf5lj2eBN0np/wLktMvFvj+HIEBh38/1o3ZXE
SV4aMhvNW9VO116K0fh3/7TElksZ95zNj77js/JoEMQB8mGw27hw5u8VOKrDEWuzTBu4M7Vg
MdzNrYi+m3AiYv1m110i6rJ4otbThGRfcEbDHwqfONfminidzyS4aHpNyO7U98xmn360m8qs
q3smEn7XRGRgVlpzu7lNuJ8AvKZGPrM4OJ1Rhgxo5enuS1XVw29IBwIDAQABo4IB7zCCAesw
QAYDVR0gBDkwNzARBg8rBgEEAYGtIYIsAQEEAwIwEQYPKwYBBAGBrSGCLAIBBAMBMA8GDSsG
AQQBga0hgiwBAQQwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUH
AwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRSBxcWWTqn7d35eE0sUlWSXfPOizAfBgNVHSMEGDAW
gBQfdGX0mh169jHp32EbcysNbdAzSTAiBgNVHREEGzAZgRdhbmRyZWFzLmxhZGFueWlAa2l0
LmVkdTB3BgNVHR8EcDBuMDWgM6Axhi9odHRwOi8vY2RwMS5wY2EuZGZuLmRlL2tpdC1jYS9w
dWIvY3JsL2NhY3JsLmNybDA1oDOgMYYvaHR0cDovL2NkcDIucGNhLmRmbi5kZS9raXQtY2Ev
cHViL2NybC9jYWNybC5jcmwwgZIGCCsGAQUFBwEBBIGFMIGCMD8GCCsGAQUFBzAChjNodHRw
Oi8vY2RwMS5wY2EuZGZuLmRlL2tpdC1jYS9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwPwYIKwYB
BQUHMAKGM2h0dHA6Ly9jZHAyLnBjYS5kZm4uZGUva2l0LWNhL3B1Yi9jYWNlcnQvY2FjZXJ0
LmNydDANBgkqhkiG9w0BAQsFAAOCAQEALmsJ+qKYuD1TTYxYAYcOUc7Pw3SBI+PX941ze1n2
coAeuXY2Ldd2lrjyirS8eHuPCZihmbVlMe/26WqBwDLN/vk7FC5c0aatidQz6MoquWJWnHSj
1XlB/AOv9aD4tKLHURw7ejFvY3imott/vrLJrt2WjYvPaMvwAoZKgTY2bXEZQjWYnGJRthuK
1OG4CFJlQphREiewuqzjCxABnC3Rmo7BWy/yGeMGSkMsTg+uhOwv8568KtJE3z4uTWtN1w0d
T1uI1/uJ5jrsyoodUg/q31lGGgtrmElCwrHJSk+6Hp6KCXilzY9d/N/CQXkHnNLu6aDgc8gX
n9Y/cLepRKKZvzCCBZQwggR8oAMCAQICBxev928jIukwDQYJKoZIhvcNAQELBQAwWjELMAkG
A1UEBhMCREUxEzARBgNVBAoTCkRGTi1WZXJlaW4xEDAOBgNVBAsTB0RGTi1QS0kxJDAiBgNV
BAMTG0RGTi1WZXJlaW4gUENBIEdsb2JhbCAtIEcwMTAeFw0xNDA2MDUxNDA4MzFaFw0xOTA3
MDkyMzU5MDBaMIG/MQswCQYDVQQGEwJERTEbMBkGA1UECBMSQmFkZW4tV3VlcnR0ZW1iZXJn
MRIwEAYDVQQHEwlLYXJsc3J1aGUxKjAoBgNVBAoTIUthcmxzcnVoZSBJbnN0aXR1dGUgb2Yg
VGVjaG5vbG9neTEnMCUGA1UECxMeU3RlaW5idWNoIENlbnRyZSBmb3IgQ29tcHV0aW5nMQ8w
DQYDVQQDEwZLSVQtQ0ExGTAXBgkqhkiG9w0BCQEWCmNhQGtpdC5lZHUwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDMsqiKiaKAQVEpL20dPB0IejTRPrajRK7mwwXpqBo/APNN
8IPtcb16pITtb5wQAaeVPvu8YA+bi5U3Dm/xeFBayQQcvUAp04cwm/nqhvveCMOpvC41qgiq
K/ZSsDQlIre78zQDgndK9IjQmFdv8XCvLR0h8N5hl4L8H2NBfY9eJ1BIPZ3eZD6tAMPYkBw7
mJzs9wPDVU6V6Uws4kEwmSUGBEw7Avp8p0DdrLwJgFd1dRyUXvwA+oncv+hzdBLQCDj5RNac
deDRUuEmalJPxeLw/KcUs/2FMGwhiuCB9+1fW3G0JgPDTTSgbRS6l9faL7kJ99pUcElvws9x
4/s0kT9zAgMBAAGjggH3MIIB8zASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIB
BjARBgNVHSAECjAIMAYGBFUdIAAwHQYDVR0OBBYEFB90ZfSaHXr2MenfYRtzKw1t0DNJMB8G
A1UdIwQYMBaAFEm3xs/oPR9/6kR7Eyn38QpwPt5kMBUGA1UdEQQOMAyBCmNhQGtpdC5lZHUw
gYgGA1UdHwSBgDB+MD2gO6A5hjdodHRwOi8vY2RwMS5wY2EuZGZuLmRlL2dsb2JhbC1yb290
LWNhL3B1Yi9jcmwvY2FjcmwuY3JsMD2gO6A5hjdodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2ds
b2JhbC1yb290LWNhL3B1Yi9jcmwvY2FjcmwuY3JsMIHXBggrBgEFBQcBAQSByjCBxzAzBggr
BgEFBQcwAYYnaHR0cDovL29jc3AucGNhLmRmbi5kZS9PQ1NQLVNlcnZlci9PQ1NQMEcGCCsG
AQUFBzAChjtodHRwOi8vY2RwMS5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWNhL3B1Yi9jYWNl
cnQvY2FjZXJ0LmNydDBHBggrBgEFBQcwAoY7aHR0cDovL2NkcDIucGNhLmRmbi5kZS9nbG9i
YWwtcm9vdC1jYS9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwDQYJKoZIhvcNAQELBQADggEBADoW
Jv/UVyB9nfsoym9xKp8a7sOLa4XSPU/xrKF4Dp3UdlKdzDK2JvzCziF50SiH54ZuKbsKUa6Y
XwHiWHO7tsUW2+r6cnbf6FGcvylyeOtetQsoKvB2bMhEG0fn1B4+9k5IuXJpcQSHiKZhRa/l
qNWO95hKHvhtUO8dlTYtlTaSEmv6RAcfw2JcYKiB2GC97h3YpwimDC15sfzwYdnhTdSXF54C
VPgwHPL85cR/YI7KlQtjvI6yz14mma7ffYN6W7UBDPPc/5emiYIgxbwEBFZ5orfkvPtfeJUu
T3FI7RBmE8mPl/betefdZzqF1F357emrpuGH9gZbJp98SgruQqgxggSCMIIEfgIBATCByzCB
vzELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBxMJ
S2FybHNydWhlMSowKAYDVQQKEyFLYXJsc3J1aGUgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kx
JzAlBgNVBAsTHlN0ZWluYnVjaCBDZW50cmUgZm9yIENvbXB1dGluZzEPMA0GA1UEAxMGS0lU
LUNBMRkwFwYJKoZIhvcNAQkBFgpjYUBraXQuZWR1AgcYbcl+jZBKMAkGBSsOAwIaBQCgggKL
MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE1MDUyMTEzNDAw
MlowIwYJKoZIhvcNAQkEMRYEFLr0G/Ny1mT5VTwToGY7eVhT18y0MGwGCSqGSIb3DQEJDzFf
MF0wCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgIC
AIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgdwGCSsGAQQBgjcQ
BDGBzjCByzCBvzELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVyZzES
MBAGA1UEBxMJS2FybHNydWhlMSowKAYDVQQKEyFLYXJsc3J1aGUgSW5zdGl0dXRlIG9mIFRl
Y2hub2xvZ3kxJzAlBgNVBAsTHlN0ZWluYnVjaCBDZW50cmUgZm9yIENvbXB1dGluZzEPMA0G
A1UEAxMGS0lULUNBMRkwFwYJKoZIhvcNAQkBFgpjYUBraXQuZWR1AgcYbcl+jZBKMIHeBgsq
hkiG9w0BCRACCzGBzqCByzCBvzELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0
dGVtYmVyZzESMBAGA1UEBxMJS2FybHNydWhlMSowKAYDVQQKEyFLYXJsc3J1aGUgSW5zdGl0
dXRlIG9mIFRlY2hub2xvZ3kxJzAlBgNVBAsTHlN0ZWluYnVjaCBDZW50cmUgZm9yIENvbXB1
dGluZzEPMA0GA1UEAxMGS0lULUNBMRkwFwYJKoZIhvcNAQkBFgpjYUBraXQuZWR1AgcYbcl+
jZBKMA0GCSqGSIb3DQEBAQUABIIBAAOISy/Mm91AHMWer5VA5LCWRYZqny4BhTT6jeVY0KqG
1dCT1yTpuNgEeXXoeo1u63UrVmkE1i15G4reZqqKL7IPhuA0MZDSQt/0tJoWIfdKSC4wdwVW
herywWsER2M2YZ0UU9cCkqdrDeL5rKgYTxKQywnphcPJ2My8ptCstSgaYkOLX9VyTD+LV4iw
Jl19HbsffJD3m1gNMGLKalEQ7qsbNJiCimG42PMsBAGZgtQudlf8pB1/G+YyLr0iyofPscUy
Wqe66anT6WourEgOpyB1ja1fwRnfQ4Bm+OP6mAWBHX90fwGF7MH9bdNpxQAd4RLKCbB7q/pY
Ydqmm9LmYgIAAAAAAAA=
--------------ms010708050400030103060400--
--===============1361949121==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1361949121==--
